Lucene search
K

104 matches found

CVE
CVE
added 2022/05/31 7:30 p.m.78 views

CVE-2022-31011

Summary: CVE-2022-31011 affects PingCAP TiDB HTAP database. Under certain conditions, an attacker can craft malicious authentication requests to bypass authentication, causing privilege escalation or unauthorized access. The vulnerability specifically impacts TiDB 5.3.0; a patch is available in T...

7.8CVSS7.8AI score0.00311EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/05/31 7:30 p.m.33 views

CVE-2022-31011 TiDB authentication bypass vulnerability

TiDB is an open-source NewSQL database that supports Hybrid Transactional and Analytical Processing HTAP workloads. Under certain conditions, an attacker can construct malicious authentication requests to bypass the authentication process, resulting in privilege escalation or unauthorized access...

7.8CVSS8.1AI score0.00311EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/05/31 7:30 p.m.6 views

CVE-2022-31011 TiDB authentication bypass vulnerability

TiDB is an open-source NewSQL database that supports Hybrid Transactional and Analytical Processing HTAP workloads. Under certain conditions, an attacker can construct malicious authentication requests to bypass the authentication process, resulting in privilege escalation or unauthorized access...

7.8CVSS7.9AI score0.00311EPSS
Exploits0References2
OSV
OSV
added 2022/05/31 7:30 p.m.22 views

CVE-2022-31011 TiDB authentication bypass vulnerability

TiDB is an open-source NewSQL database that supports Hybrid Transactional and Analytical Processing HTAP workloads. Under certain conditions, an attacker can construct malicious authentication requests to bypass the authentication process, resulting in privilege escalation or unauthorized access...

7.8CVSS7.7AI score0.00311EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/05/31 12:0 a.m.4 views

PingCAP TiDB 授权问题漏洞

PingCAP TiDB is an open source, cloud-native, distributed, MySQL-compatible database for elastic scaling and real-time analytics from China-based PingCAP. PingCAP TiDB version 5.3.0 suffers from an authorization issue vulnerability, which stems from a problem with application rights management. A...

7.8CVSS7.3AI score0.00311EPSS
Exploits0References3
Veracode
Veracode
added 2022/05/26 6:10 a.m.25 views

Authentication Bypass

github.com/pingcap/tidb is vulnerable to Authentication Bypass. The vulnerability exists because the library does not properly restrict the access path, allowing an attacker to bypass the authentication process by providing malicious authentication requests, resulting in privilege escalation or...

7.8CVSS7.7AI score0.00311EPSS
Exploits0References4Affected Software1
Huntr
Huntr
added 2021/12/26 1:9 p.m.19 views

Data Source Name Injection

Description TiDB Importer uses Go MySQL Driver for connecting to MySQL servers. This driver utilizes Data Source Name DSN strings for describing database connections with the following format: username:password@protocoladdress/dbname?param=value The driver has a built-in protection against LOCAL...

7.5CVSS0.00562EPSS
Exploits0References1
Veracode
Veracode
added 2021/05/10 4:41 a.m.22 views

SQL Injection

storage-jdbc-hikaricp-plugin is vulnerable to SQL injection. The wildcard query cases when using H2/MySQL/TiDB allows an attacker to inject and execute arbitrary SQL statements...

9.8CVSS4.6AI score0.33478EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/07 3:53 p.m.48 views

SQL Injection in Apache SkyWalking

Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases...

9.8CVSS2.6AI score0.33478EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2021/05/07 3:53 p.m.23 views

GHSA-GRPF-GG7V-5G5H SQL Injection in Apache SkyWalking

Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases...

9.8CVSS9.7AI score0.33478EPSS
Exploits0References8
NVD
NVD
added 2020/08/05 2:15 p.m.21 views

CVE-2020-13921

Resolved Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases...

9.8CVSS9.7AI score0.33478EPSS
Exploits0References3
OSV
OSV
added 2020/08/05 2:15 p.m.25 views

CVE-2020-13921

Resolved Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases...

9.8CVSS9.7AI score
Exploits0References3
Prion
Prion
added 2020/08/05 2:15 p.m.21 views

Sql injection

Resolved Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases...

7.5CVSS9.7AI score0.33478EPSS
Exploits0References3Affected Software1
PyPA
PyPA
added 2020/08/05 2:15 p.m.11 views

PYSEC-2020-342

Resolved Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases...

9.8CVSS8.1AI score0.33478EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2020/08/05 2:15 p.m.14 views

PYSEC-2020-342

Resolved Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases...

9.8CVSS7.3AI score0.33478EPSS
Exploits0References3
CVE
CVE
added 2020/08/05 1:25 p.m.100 views

CVE-2020-13921

The CVE-2020-13921 issue affects Apache SkyWalking when using H2/MySQL/TiDB as the storage backend. The vulnerability is a SQL injection in the wildcard query cases, introduced by insufficient validation of user-supplied input for wildcard alarm searches via GraphQL. Affects the storage-implement...

9.8CVSS9.6AI score0.33478EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2020/08/05 1:25 p.m.39 views

CVE-2020-13921

Resolved Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases...

9.8AI score0.33478EPSS
Exploits0References3
OSV
OSV
added 2020/06/30 3:15 p.m.22 views

CVE-2020-9483

Resolved When use H2/MySQL/TiDB as Apache SkyWalking storage, the metadata query through GraphQL protocol, there is a SQL injection vulnerability, which allows to access unpexcted data. Apache SkyWalking 6.0.0 to 6.6.0, 7.0.0 H2/MySQL/TiDB storage implementations don't use the appropriate way to...

7.5CVSS7.6AI score
Exploits0References1
Prion
Prion
added 2020/06/30 3:15 p.m.22 views

Sql injection

Resolved When use H2/MySQL/TiDB as Apache SkyWalking storage, the metadata query through GraphQL protocol, there is a SQL injection vulnerability, which allows to access unpexcted data. Apache SkyWalking 6.0.0 to 6.6.0, 7.0.0 H2/MySQL/TiDB storage implementations don't use the appropriate way to...

5CVSS7.8AI score0.34613EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/06/30 2:28 p.m.24 views

CVE-2020-9483

Resolved When use H2/MySQL/TiDB as Apache SkyWalking storage, the metadata query through GraphQL protocol, there is a SQL injection vulnerability, which allows to access unpexcted data. Apache SkyWalking 6.0.0 to 6.6.0, 7.0.0 H2/MySQL/TiDB storage implementations don't use the appropriate way to...

7.8AI score0.34613EPSS
Exploits1References1
Rows per page
Query Builder